Cloudflare on Wednesday disclosed that it acted to mitigate a 15.3 million request-per-second (RPS) distributed denial-of-service (DDoS) attack. The web infrastructure and website security company called it one of the "largest HTTPS DDoS attacks on record." 
"HTTPS DDoS attacks are more expensive in terms of required computational resources because of the higher cost of establishing a secure TLS

Cloudflare on Wednesday disclosed that it acted to mitigate a 15.3 million request-per-second (RPS) distributed denial-of-service (DDoS) attack. The web infrastructure and website security company called it one of the "largest HTTPS DDoS attacks on record."

"HTTPS DDoS attacks are more expensive in terms of required computational resources because of the higher cost of establishing a secure TLS encrypted connection," Cloudflare's Omer Yoachimik and Julien Desgats said. "Therefore it costs the attacker more to launch the attack, and for the victim to mitigate it."

The volumetric DDoS attack is said to have lasted less than 15 seconds and targeted an unnamed Cloudflare customer operating a crypto launchpad.

Volumetric DDoS attacks are designed to overwhelm a target network/service with significantly high volumes of malicious traffic, which typically originate from a botnet under a threat actor's control.

Cloudflare said the latest attack was launched from a botnet comprising roughly 6,000 unique compromised devices, with 15% of the attack traffic originating from Indonesia, followed by Russia, Brazil, India, Colombia, and the U.S.

"What's interesting is that the attack mostly came from data centers," Yoachimik and Desgats noted. "We're seeing a big move from residential network Internet Service Providers (ISPs) to cloud compute ISPs."

Record-setting DDoS attacks have become increasingly common in recent months. In August 2021, Cloudflare disclosed what it characterized as the largest application-layer attack ever seen, and, earlier this year, Microsoft revealed that it had prevented multiple DDoS attacks that crossed 2.4 terabits per second (Tbps).

Found this article interesting? Follow THN on Facebook, Twitter __ and LinkedIn to read more exclusive content we post.

CloudFlare Thwarts Record DDoS Attack Peaking at 15 Million Requests Per Second

Acquisition expands security software-as-a-service capabilities.

Cloudflare Flags Largest HTTPS DDoS Attack It's Ever Recorded

This scale of this month's encrypted DDoS attack over HTTPS suggests a well-resourced operation, analysts say.

April 29, 2022

This scale of this month's encrypted DDoS attack over HTTPS suggests a well-resourced operation, analysts say.

by Dark Reading Staff, Dark Reading

April 29, 2022

1 min read

Article

Explainable AI for Fraud Prevention

As the use of AI- and ML-driven decision-making draws transparency concerns, the need increases for explainability, especially when machine learning models appear in high-risk environments.

April 28, 2022

As the use of AI- and ML-driven decision-making draws transparency concerns, the need increases for explainability, especially when machine learning models appear in high-risk environments.

by David Utassy, Data Scientist, SEON

April 28, 2022

4 min read

Article

Tenable Acquires External Attack Surface Management Vendor for $44.5M

Acquisition will add Internet-facing attack surface mapping and monitoring to Tenable's internal asset management products.

April 26, 2022

Acquisition will add Internet-facing attack surface mapping and monitoring to Tenable's internal asset management products.

by Dark Reading Staff, Dark Reading

April 26, 2022

1 min read

Article

API Attacks Soar Amid the Growing Application Surface Area

With Web application programming interface (API) traffic growing quickly, the average cloud-focused company sees three times more attacks.

April 26, 2022

With Web application programming interface (API) traffic growing quickly, the average cloud-focused company sees three times more attacks.

by Robert Lemos, Contributing Writer

April 26, 2022

5 min read

Article

Ukraine Invasion Driving DDoS Attacks to All-Time Highs

Unprecedented numbers of DDoS attacks since February are the result of hacktivists' cyberwar against Russian state interests, researchers say.

April 25, 2022

Unprecedented numbers of DDoS attacks since February are the result of hacktivists' cyberwar against Russian state interests, researchers say.

by Dark Reading Staff, Dark Reading

April 25, 2022

2 min read

Article

Sophos Buys Alert-Monitoring Automation Vendor

Acquisition of cloud-based alert security company will help Sophos automate tasks bogging down security teams, the company says.

April 22, 2022

Acquisition of cloud-based alert security company will help Sophos automate tasks bogging down security teams, the company says.

by Dark Reading Staff, Dark Reading

April 22, 2022

1 min read

Article

Devo Acquires Threat Hunting Company Kognos

Acquisition will blend autonomous threat hunting with cloud-native security analytics for automating security tasks.

April 21, 2022

Acquisition will blend autonomous threat hunting with cloud-native security analytics for automating security tasks.

by Dark Reading Staff, Dark Reading

April 21, 2022

1 min read

Article

Okta Wraps Up Lapsus$ Investigation, Pledges More Third-Party Controls

Companies must enforce more security on their own third-party providers and retain the ability to conduct independent investigations, experts say.

April 20, 2022

Companies must enforce more security on their own third-party providers and retain the ability to conduct independent investigations, experts say.

by Robert Lemos, Contributing Writer

April 20, 2022

5 min read

Article

Security-as-Code Gains More Support, but Still Nascent

Google and other firms are adding security configuration to software so cloud applications and services have well-defined security settings — a key component of DevSecOps.

April 18, 2022

Google and other firms are adding security configuration to software so cloud applications and services have well-defined security settings — a key component of DevSecOps.

by Robert Lemos, Contributing Writer

April 18, 2022

5 min read

Article

CISA Alert on ICS, SCADA Devices Highlights Growing Enterprise IoT Security Risks

Omdia Senior Analyst Hollie Hennessy says the new threat to multiple ICS and SCADA devices underscores the importance of a rapid response to IoT and OT security risks.

April 15, 2022

Omdia Senior Analyst Hollie Hennessy says the new threat to multiple ICS and SCADA devices underscores the importance of a rapid response to IoT and OT security risks.

by Hollie Hennessy, Senior Analyst, IoT Cybersecurity, Omdia

April 15, 2022

3 min read

Article

How IP Data Can Help Security Professionals Protect Their Networks

Beefing up security requires a combination of forensic efforts and proactive mitigation. IP context aids both.

April 05, 2022

Beefing up security requires a combination of forensic efforts and proactive mitigation. IP context aids both.

by Jonathan Tomek, VP of Research and Development, Digital Envoy

April 05, 2022

5 min read

Article

Will the Biggest Clouds Win? Lessons From Google's Mandiant Buy

Google eventually won out in the competition for Mandiant, but Microsoft's interest underscores the trend in consolidation of security services into large cloud providers, experts say.

March 21, 2022

Google eventually won out in the competition for Mandiant, but Microsoft's interest underscores the trend in consolidation of security services into large cloud providers, experts say.

by Robert Lemos, Contributing Writer

March 21, 2022

5 min read

Article

Cut Down on Alert Overload and Leverage Layered Security Measures

Feeling overwhelmed by the number of alerts? It doesn't have to be that way.

March 17, 2022

Feeling overwhelmed by the number of alerts? It doesn't have to be that way.

by Jason Manar, Chief Information Security Officer, Kaseya

March 17, 2022

4 min read

Article

VPNs Give Russians an End Run Around Censorship

As the invasion of Ukraine continues, Russian citizens have turned to virtual private networks — boosting demand for the software by 27x — to circumvent the government's blocks on social media and news sites critical of the war.

March 16, 2022

As the invasion of Ukraine continues, Russian citizens have turned to virtual private networks — boosting demand for the software by 27x — to circumvent the government's blocks on social media and news sites critical of the war.

by Robert Lemos, Contributing Writer

March 16, 2022

4 min read

Article

How Enterprises Can Get Used to Deploying AI for Security

It's important to take a "trust journey" to see how AI technology can benefit an organization's cybersecurity.

March 11, 2022

It's important to take a "trust journey" to see how AI technology can benefit an organization's cybersecurity.

by Fahmida Y. Rashid, Features Editor, Dark Reading

March 11, 2022

4 min read

Article

Synopsys to Acquire WhiteHat Security from NTT

From “IT Army” DDoS attacks to custom malware, the country has become a target like never before.

The orders are issued like clockwork. Every day, often at around 5 am local time, the Telegram channel housing Ukraine’s unprecedented “IT Army” of hackers buzzes with a new list of targets. The volunteer group has been knocking Russian websites offline using wave after wave of distributed denial-of-service (DDoS) attacks, which flood websites with traffic requests and make them inaccessible, since the war started.

Russian online payment services, government departments, aviation companies, and food delivery firms have all been targeted by the IT Army as it aims to disrupt everyday life in Russia. “Russians have noticed regular hitches in the work of TV streaming services today,” the government-backed operators of the Telegram channel posted following one claimed operation in mid-April.

The IT Army’s actions were just the start. Since Russia invaded Ukraine at the end of February, the country has faced an unprecedented barrage of hacking activity. Hacktivists, Ukrainian forces, and outsiders from all around the world who are taking part in the IT Army have targeted Russia and its business. DDoS attacks make up the bulk of the action, but researchers have spotted ransomware that’s designed to target Russia and have been hunting for bugs in Russian systems, which could lead to more sophisticated attacks.

The attacks against Russia stand in sharp contrast to recent history. Many cybercriminals and ransomware groups have links to Russia and don’t target the nation. Now, it’s being opened up. “Russia is typically considered one of those countries where cyberattacks come from and not go to,” says Stefano De Blasi, a cyber-threat intelligence analyst at security firm Digital Shadows.

At the start of the war, DDoS was unrelenting. Record levels of DDoS attacks were recorded during the first three months of 2022, according to analysis from Russian cybersecurity company Kaspersky. Both Russia and Ukraine used DDoS to try to disrupt each other, but the efforts against Russia have been more innovative and prolonged.

Ukrainian tech companies transformed the puzzle game _2048_ into a simple way to launch DDoS attacks and have developed tools to allow anyone to join the action, irrespective of their technical knowledge. “The more we use attack automation tools, the stronger our attacks,” reads a message sent to the IT Army Telegram channel on March 24. The channel's operators urge people to use VPNs to disguise their location and help avoid their targets’ DDoS protections. Toward the end of April, the IT Army launched its own website that lists whether its targets are online or have been taken down and includes technical guides. (The IT Army did not respond to a request for comment.)

“We have made good strong hits, and a lot of websites don't work,” says Dmytro Budorin, the CEO of Ukrainian cybersecurity startup Hacken. When the war started, Budorin and colleagues altered one of the firm’s anti-DDoS tools, called disBalancer, so it could be used to launch DDoS attacks.

While Kaspersky’s analysis says the number of DDoS around the world has returned to normal levels as the war has progressed, the attacks are lasting for longer—hours rather than minutes. The longest lasted for more than 177 hours, over a week, its researchers found. “Attacks continue regardless of their effectiveness,” Kaspersky’s analysis says. (On March 25, the US government added Kaspersky to its list of national security threats; the company said it was “disappointed” with the decision. Germany’s cybersecurity agency also warned against using Kaspersky’s software on March 15, although it didn't go as far as banning it. The company said it believed the decision was not made on a technical basis.)

Budorin says DDoS has been useful for helping Ukrainians contribute to the war effort in other ways than fighting and says that both sides have improved their attacks and defense. He admits DDoS may not have a huge impact on the war, though. “It doesn't have a lot of effects with respect to the end goal, and the end goal is to stop the war,” Budorin says.

Since Russia began its full-scale invasion, the country’s hackers have been caught trying to disrupt power systems in Ukraine, deploying wiper malware, and launching predictable disruption attacks against the Ukrainian government. However, Ukrainian officials now say they have seen a drop in activity. “The quality decreased recently as the enemy cannot prepare as much as they were able to prepare,” Yurii Shchyhol, the head of Ukraine’s cybersecurity agency, the State Service for Special Communication and Information Protection, said in a statement on April 20. “The enemy now mostly spends time on protecting themselves, because it turns out their systems are also vulnerable,” Shchyhol said.

Russia Is Being Hacked at an Unprecedented Scale

Unprecedented numbers of DDoS attacks since February are the result of hacktivists' cyberwar against Russian state interests, researchers say.

The first quarter of 2022 saw a 46% increase in distributed denial-of-service (DDoS) attacks over Q4 2021, which a new report attributes to a community of "hacktivists" intent on disrupting Russian state interests in retaliation for the Ukraine invasion. 

The report, by security vendor Kaspersky, notes that the volume of DDoS attacks was already historically high, but the first months of 2022 saw more targeted and innovative activity than previously seen. The DDoS attacks also persisted for much longer than previously recorded, with the average DDoS session lasting 80 times longer than during the last months of 2021. 

The report points to one instance from the past quarter where attackers set up a site similar to a popular puzzle game called "2048" to make launching attacks on Russian sites more like a game to recruit others to launch additional attacks. 

"In Q1 2022 we witnessed an all-time high number of DDoS attacks," said Alexander Gutnikov, security expert at Kaspersky, in a statement. "The upward trend was largely affected by the geopolitical situation. What is quite unusual is the long duration of the DDoS attacks, which are usually executed for immediate profit. Some of the attacks we observed lasted for days and even weeks, suggesting that they might have been conducted by ideologically motivated cyberactivists."

Gutnikov pointed out that the report found most organizations were unprepared to defend against DDoS attacks.  

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Ukraine Invasion Driving DDoS Attacks to All-Time Highs

UltraDNS Terraform Provider enhances productivity, change management.

**Sterling, Virginia – April 21, 2022** – Neustar Security Services, a leading provider of cloud-oriented security services that enable global business to thrive online, has launched an integration with Terraform, an open-source infrastructure-as-code software tool created by HashiCorp. The new integration, UltraDNS Terraform Provider, enables DevOps teams to provision DNS changes when applications are deployed to realize enhanced productivity during that deployment.

Integrating UltraDNS into the Terraform ecosystem enhances Neustar Security Services’ capability to deliver a platform that provides speed, stability and extensibility when managing DNS. The new integration supports DNS standard and advanced records, including features such as SiteBacker, Simple Monitor/Failover, Simple Load Balancing and Traffic Controller. Available to DevOps teams on the Terraform registry, UltraDNS Terraform Provider includes four categories, 11 resources, 11 data sources, 94 self-check modules and 37 help files.

“As IT infrastructure has grown increasingly complex, so too has the task of managing DNS strategy,” said Enrique Somoza, director of product management with Neustar Security Services. “UltraDNS’s integration with Terraform enhances our customers’ velocity to accurately deploy, manage and automate DNS updates across complex cloud environments.”

The integration will allow Neustar Security Services to enable its customers’ application of Terraform across different use cases and environments.

“This latest integration reflects Neustar Security Services’ commitment to listening to and addressing the evolving needs of its customers, particularly those who use Terraform to define, build and version infrastructure safely and efficiently,” added Somoza.

Neustar Security Services’ UltraDNS integration with Terraform provides a compelling solution for DevOps managers, who can learn more about technical details here.

**About Neustar Security Services**  
The world’s top brands depend on Neustar Security Services to safeguard their digital infrastructure and online presence. Neustar Security Services offers a suite of cloud-delivered services that are secure, reliable, and available to enable global businesses to thrive online. The company’s Ultra Secure suite of solutions protects organizations’ networks and applications against risks and downtime, ensuring that businesses and their customers enjoy exceptional interactions all day, every day. Delivering the industry’s best performance service, Neustar Security Services’ mission-critical security portfolio provides best-in-class DNS, application and network security (including DDoS, WAF and bot management) services to its Global 5000 customers and beyond. For more information, visit https://neustarsecurityservices.com/.

Neustar Security Services’ UltraDNS Integrates Terraform for Streamlined, Automated DNS Management

Comcast Business mitigated 24,845 multi-vector DDoS attacks in 2021, a 47 percent increase over 2020.

**PHILADELPHIA – APRIL 20, 2022 –** Comcast Business today published results from its 2021 Comcast Business DDoS Threat Report. The report provides an overview of the Distributed Denial of Service (DDoS) attack landscape, trends experienced by Comcast Business customers and insights for measuring and mitigating risks. The report found that mulit-vector DDoS attacks targeting Layers 3, 4, and 7 simultaneously represent a 47 percent increase from the record number set in 2020.

“DDoS attacks, when they occur, can be costly and difficult to defend. The risk of losing network, server and application availability is higher than ever,” said Shena Seneca Tharnish, Vice President, Cybersecurity Products, Comcast Business. “With threat actors constantly innovating, organizations must stay vigilant to help protect their infrastructure from bad actors determined to cause financial and reputational damage."

The report indicates that 2021 was another record year for DDoS attacks, as Comcast Business DDoS Mitigation Services successfully identified and helped defend 24,845 multi-vector attacks targeting Layers 3,4, and 7 simultaneously. Overall, 69 percent of Comcast Business customers experienced DDoS attacks, a 41 percent increase over 2020, while 55 percent were targets of mulit-vector attacks, as opposed to in 2020 where most customers experienced single vector attacks.

The data also shows that DDoS attackers were indiscriminate and persistent as no verticals were spared and everyone was fair game – from tow truck drivers to churches, government, utilities, IT companies, online gambling sites, and manufacturing operations. However, the healthcare and education sectors remain favorite targets.

Seventy-three percent of all multi-vector attacks targeted the education, finance, government and healthcare sectors, likely due to vulnerabilities brought on by the COVID-19 pandemic. Threat actors also used industry-specific seasonal trends and activities to guide attacks and maximize impact.

Attacks on education customers followed the cadence of a typical school year, starting strong in January before taking a significant dip over the summer when schools were out, while the financial sector experienced a 3X uptick in attacks during November and December compared to the rest of the year.

Other key findings from the 2021 Comcast Business DDoS Threat report include:

· Attacks on information technology customers grew steadily, ending the year at 10X the January numbers.

· 98 percent of all multi-vector attacks were under 5 Gbps, as bad actors often strike at low volumes to avoid detection, degrade site performance and map out network vulnerabilities for reconnaissance.

· 69 percent of all multi-vector attacks lasted under 10 minutes, as short duration attacks are harder to detect and give IT organizations less time to respond, quickly overwhelming defenses.

· The number of vectors deployed in a single multi-vector attack increased from five to 15, while the number of amplification protocols used in multi-vector attacks increased from three to nine.

· 99 percent of customers experienced repeat attacks, while the largest and most severe attack was delivered at a rate of 242 Gbps.

The 2021 Comcast Business DDoS threat report focuses on multi-vector attacks that target Layers 3, 4, and 7 simultaneously. To download the report, please visit: https://business.comcast.com/community/browse-all/details/2021-comcast-business-ddos-threat-report

Comcast Business 2021 DDoS Threat Report:  DDoS Becomes a Bigger Priority as Multivector Attacks are on the Rise

The Russian government is ratcheting up malicious cyberattacks against critical infrastructure in countries supporting Ukraine.

The US, Australia, Canada, New Zealand, and the UK today issued a detailed joint advisory on the increased risk of cyberattacks out of Russia — both nation-state espionage and cybercriminal activity.

The advisory, issued by the Cybersecurity and Infrastructure Security Agency (CISA), warns that Russia's invasion of Ukraine could expose organizations both within and beyond the region to increased malicious cyber activity and that the Russian government is actively trying to use cyberattacks against global organizations as a weapon in its war on Ukraine.

Security teams, including those with critical infrastructure providers in the US and beyond, need to prepare for these threats and shore up their defenses against malware, ransomware, distributed denial-of-service (DDoS) attacks, and cyber espionage. The Russian government is attempting to use cyberattacks in retaliation for sanctions as well as support being provided to the Ukraine defense efforts, according to the advisory.

Cybercrime groups have "threatened to conduct cyber operations against countries and organizations providing materiel support to Ukraine," according to the advisory. "Other cybercrime groups have recently conducted disruptive attacks against Ukrainian websites, likely in support of the Russian military offensive."

In a related development, CISA Director Jen Easterly today also announced the addition of a number of industrial control systems (ICS) companies have now joined the Joint Cyber Defense Collaborative (JCDC), a CISA initiative of government and private industry experts to coordinate on US cyber-defense operation plans for protecting and responding to cyberattacks and threats. Members of the JCDC co-authored the joint advisory CISA published today with its international partners.

The new ICS vendors include Bechtel, Claroty, Dragos, GE, Honeywell, Nozomi Networks, Schneider Electric, Schweitzer Engineering Laboratories, Siemens, and Xylem, among others. 

 "As the destruction or corruption of these control systems could cause grave harm, ensuring their security and resilience must be a collective effort that taps into the innovation, expertise, and ingenuity of the ICS community," Easterly said in her announcement of the JCDC news during the ICS conference S4x22 in Miami. "I’m excited to leverage our evolving JCDC platform to enable us to plan, exercise, and collaborate with industry leaders to drive down risk to the systems and networks we depend on so greatly as a nation.”

CISA, Australia, Canada, New Zealand, & UK Issue Joint Advisory on Russian Cyber Threats

An Unauthenticated time-based blind SQL injection vulnerability exists in Forma LMS prior to v.1.4.3.

**Cloud Cyber Security PlatformEuropean Cyber Research TeamThreat Intelligence PlatformThe Cyber Security Partner**

La piattaforma di Security Testing e Threat Intelligence e il Cyber Competence Center di Swascan per il Cyber Security Framework Aziendale.  
Sicurezza Predittiva. Sicurezza Preventiva. Sicurezza Proattiva.

Prova il Free Trial

![](https://www.swascan.com/wp-content/uploads/2022/03/awards.png)

**In evidenza**

**Webinar - Cloud Security: dalla teoria alla pratica**

La Cloud security nel framework aziendale. Non perderti il prossimo Webinar Swascan il prossimo 27 aprile dalle 12:00 alle 13:00

Iscriviti

**Cyber Defense: Security e Data Protection in azienda**

Un Corso, affidato ai migliori esperti cyber, che sposa casi reali e LAB tecnici d’eccellenza, con l’obiettivo di supportare i corsisti nella gestione della Sicurezza Informatica. Registrati al corso e frequenta le lezioni a partire dal 03 Giugno 2022.

Scopri di più

**Cyber Risk Indicators: Infrastrutture critiche Italia**

ll servizio di Cyber Risk Indicators determina e misura il potenziale rischio cyber del settore oggetto di analisi, per il mese di febbraio abbiamo preso in esame il livello di esposizione al rischio cyber delle infrastrutture critiche italiane.

Scopri di più

![](https://www.swascan.com/wp-content/uploads/2022/03/CyberSecurity-Framwork-ita.png)

**Cyber Security Framework**

Il Cyber Security Framework è il fondamento della postura di sicurezza della tua azienda. Un insieme di processi e tecnologie che operano all’unisono per ridurre al minimo l’esposizione al rischio cyber. Si fonda sulla sicurezza predittiva, preventiva e proattiva.

**Sicurezza Predittiva**

La Sicurezza Predittiva opera a livello di Threat Intelligence. Attraverso l’analisi di fonti OSINT e CLOSINT, a livello di Web, Dark Web e Deep Web identifica minacce, rischi e informazioni relativi all’azienda target. La Sicurezza Predittiva permette di anticipare le criticità impostando correttamente la sicurezza preventiva e proattiva.

**Sicurezza Preventiva**

La Sicurezza Preventiva agisce in termini di Analisi del Rischio tecnologico, umano e di processo. Attività che rientrano negli obblighi legislativi e in termini di best practice internazionale. Le attività fanno riferimento a penetration test, vulnerability assessment, ransomware attack simulation, phishing simulation, formazione, CIS, NIST, ISO27001, GDPR Assessment.

**Sicurezza Proattiva**

La Sicurezza Proattiva permette l’adozione degli approcci relativi alla security by detection e alla security by reaction. Attraverso l’adozione di security operation center (SOC) permette di monitorare, identificare, analizzare, gestire e bloccare eventuali minacce in essere all’interno dell’azienda. La componente incident response management garantisce la corretta gestione degli incidenti aziendali attraverso l’utilizzo di Team specializzati e competenti.

Scopri i nostri servizi

![](https://www.swascan.com/wp-content/uploads/2022/03/home1.png)

**La Piattaforma di Swascan**

Swascan è la prima suite interamente in Cloud di Security Testing e Threat Intelligence: scopri tutti i servizi disponibili ora!

Domain Threat Intelligence

Cyber Threat Intelligence

Phishing Attack Simulation

Smishing Attack Simulation

Prova il Free Trial

**Cyber Security Competence Center**

**Cyber Incident Response**

Un Cyber team dedicato di pronto intervento Cyber per la gestione di Cyber Incident, attacchi DDOS, Data Breach e Attacchi Ransomware.

**Soc as a Service**

Il servizio dedicato di Monitoring & Early Warning di Swascan per la corretta gestione della sicurezza proattiva e sicurezza preventiva.

**Penetration Test**

Le attività di Penetration Test sono svolte Penetration Tester certificati e in linea con gli standard internazionali OWASP, PTES e OSSTMM.

**GRC Management**

Servizi di Security Advisory  a livello consulenziale e a livello operativo per supportare i clienti nei piani di remediation, gestione della Cyber Security, Compliance Management e Risk Management.

**Cyber Academy**

Corsi di formazione dedicati di Cybersecurity in aula o tramite Webinar. Attività di Awareness per il personale tecnico, per i dipendenti e per i Top Manager.

**Cloud Security**

Un Cyber Competence Center dedicato al mondo Cloud per le attività di governance, supporto e tutela dell’ intero insieme di tecnologie, protocolli e best practice degli ambienti cloud computing.

![](https://www.swascan.com/wp-content/uploads/2022/03/home2.png)

**24/7 Cyber Security Operation Center**

Un team dedicato nell’attività di Sicurezza Proattiva e Reattiva delle minacce informatiche sulle reti locali, ambienti cloud, applicazioni ed endpoint aziendali. Il nostro team di Security Analyst monitora i dati e le risorse, H24, 7 giorni su 7 per 365 giorni all’anno.

Threat Detection & Analysis

Valutazione minacce e vulnerabilità

Endpoint detection and response (EDR)

Network detection response

Event Correlation / Log Management

**Penetration Testing**

Il team offensive di Swascan è certificato ISO27001 e ISO9001  
Tutte le attività rispettano gli standard OWASP, PTES e OSSTMM.

![](https://www.swascan.com/wp-content/uploads/2022/03/home3.png)

**Cyber Academy**

Nella sicurezza informatica sono indubbiamente i comportamenti umani a fare la differenza, prima ancora che la tecnologia.  
La nostra Cyber Academy offre una vasta gamma di percorsi formativi strutturati per rispondere a differenti livelli di esperienza e di specializzazione tecnica.

Scopri i nostri Corsi

![](https://www.swascan.com/wp-content/uploads/2022/03/home4.png)

**Cyber Threat Intelligence**

Il servizio di Cyber Threat Intelligence di Swascan ha lo scopo e l’obiettivo di individuare le eventuali informazioni pubbliche disponibili a livello Web, Dark Web e Deep Web relative ad un determinato target. L’attività prevede la raccolta e l’analisi delle informazioni relative ad una serie di macro aree critiche quali:

Domain Threat Intelligence

**Diventa Partner Swascan**

Scopri di più sullo Swascan Partner Program, grazie al quale i nostri partner servono al meglio i clienti, forniscono soluzioni rapide e ne promuovono la crescita.

Scopri il Partner Program

CVE-2022-27104: Home - Swascan

Over half of organizations admit their security and compliance controls for managing sensitive content communications—both internally and externally—are inadequate.

PALO ALTO, Calif., April 19, 2022 (GLOBE NEWSWIRE) -- Kiteworks, the leading platform for ensuring regulatory compliance and effectively managing risk with every send, share, receive, and save of sensitive content, found in its “2022 Sensitive Content Communications Privacy and Compliance Report” that more than half of organizations believe they are inadequately protected against third-party security and compliance risks. The report attributes various reasons for this lack of preparedness, including 53% failing to encrypt all sensitive content communications with third parties, 58% lacking content governance controls to measure third-party risk, and nearly 8 out of 10 believing their compliance reports are not completely accurate.  

Findings in the Sensitive Content Communications Privacy and Compliance Report are based on a survey of 400 IT, security, privacy, and compliance professionals from numerous industries and 15 different countries around the world. In addition to struggling to manage security and compliance risks efficiently and effectively, respondents indicated they spend significant time on manual tasks related to key management and encryption/decryption, governance controls, and compliance reporting.

“Nation-states and cybercriminals know that confidential, private data holds great value, and studies show that it is increasingly the target of cyberattacks,” said Tim Freestone, Chief Strategy Officer at Kiteworks. “At the same time, regulatory bodies see these trends and have instituted, and continue to do so, standards that help protect sensitive content. This report reveals that many organizations are ill-equipped to deal with the sophistication and volume of today’s cyberattacks as well as the breadth of compliance standards when it comes to sharing and storing sensitive content. This lack of maturity creates significant security and compliance risk exposures.”

In addition to the above findings, notable admissions in the report include:

*   Nearly two-thirds of organizations share and transfer confidential data with more than 1,000 third-party entities, including one-third that do so with over 2,500 third parties.
*   41% of organizations want to see significant improvement or even a whole new approach to managing sensitive content communications.
*   59% of organizations cited distributed denial of service (DDoS), malware, and ransomware in their top two concerns for external threats.
*   Only 21% of organizations believe their compliance reports are fully accurate.
*   Almost 8 in 10 organizations spend 20-plus hours compiling audit trails and generating reports.
*   Only 14% of organizations manage and monitor all their sensitive communications taking place in the cloud.

“The Kiteworks platform provides our customers with a Private Content Network that delivers a comprehensive security and compliance approach for sharing and storing sensitive content communications,” said Frank Balonis, CISO and SVP of Operations at Kiteworks. “Granular audit controls and reporting to the level of user, folder, and file, and capabilities such as geofencing and encryption for data at rest and in motion enable our customers to protect all of their sensitive content communications while remaining compliant with a long list of regulatory standards.”

To read the 2022 Sensitive Content Communications Privacy and Compliance Report, download your copy here. You can also register to hear a panel of privacy and compliance experts discuss the findings and pinpoint actionable recommendations in a webinar scheduled for April 13 at 10 a.m. PT.

**About Kiteworks**   
Kiteworks' mission is to empower organizations to effectively manage risk in every send, share, receive, and save of sensitive content. The Kiteworks platform provides customers with a Private Content Network that delivers content governance, compliance, and protection. The platform unifies, tracks, controls, and secures sensitive content moving within, into, and out of their organization, significantly improving risk management and ensuring regulatory compliance on all sensitive content communications.

New Kiteworks Report Reveals Significant Risk Maturity Gap

Heap-based Buffer Overflow in GitHub repository strukturag/libde265 prior to and including 1.0.8. The fix is established in commit 8e89fe0e175d2870c39486fdd09250b230ec10b8 but does not yet belong to an official release.

Valid

Reported on

May 13th 2021

**✍️ Description**

heap-buffer-overflow of decctx.cc in function read\_sps\_NAL

**🕵️‍♂️ Proof of Concept**

Verification steps： 1.Get the source code of Bento4 2.Compile the Bento4

    $ ./autogen.sh
    $ export CFLAGS="-g -lpthread -fsanitize=address"
    $ export CXXFLAGS="-g -lpthread -fsanitize=address"
    $ CC=clang CXX=clang++ ./configure --disable-shared
    $ make -j 32
    

3.run

    $./dec265 poc
    

**💥 Impact**

This vulnerability is capable of DDOS or code execution

Fixed in 8e89fe0e175d2870c39486fdd09250b230ec10b8

@farindk - thanks for the information. Would you be able to approve and confirm the fix using the action buttons in the drop-down section above?

Dirk Farin validated this vulnerability 10 months ago

RouX has been awarded the disclosure bounty

The fix bounty is now up for grabs

This vulnerability will not receive a CVE

to join this conversation

Fixed in 8e89fe0e175d2870c39486fdd09250b230ec10b8

@farindk - thanks for the information. Would you be able to approve and confirm the fix using the action buttons in the drop-down section above?

Dirk Farin validated this vulnerability 10 months ago

RouX has been awarded the disclosure bounty

The fix bounty is now up for grabs

This vulnerability will not receive a CVE

to join this conversation

Tag

#ddos